I started out with the original Trezor One back in 2017. Recently upgraded to the Trezor Safe 3, and have been diving in to the more advanced security methods (aka ‘passphrases’). Have done a lot of reading around the forum - as well as reading the various Trezor blogs and videos.
First off, I’m paranoid, but that doesn’t mean they’re not out to get me, as the saying goes. Looking for some advice/thoughts on the following.
I created my first ‘dummy’ passphrase wallet successfully the other day. Moved a trivial amount of my crypto to it also successfully. Next I’m going to create a ‘genuine’ hidden wallet, the real destination for my crypto.
Now comes the path to, and problem of, plausible deniability.
If I now create a new ‘genuine’ hidden wallet, then move my crypto directly to it, my ‘standard’ wallet will have a zero balance, and the transaction history will show everything was “sold” (transferred) out of it.
First problem scenario: If I’m confronted by a malefactor who has some measure of experience regarding crypto, they may not believe me when I declare that “I sold all my crypto”. The transaction history, showing all of it being “sold” largely at once, may raise suspicion of a hidden wallet. I’m threatened that I’ll get a beating with a five dollar wrench if I don’t disclose if that is the case. I protest at some length (“No, the passphrase stuff scared me, too easy to lose all of it, and I wasn’t sure I’d do it right in the first place”, etc)… then get a whack or three with said wrench. I reluctantly ‘admit’ to moving my crypto to a hidden wallet, show my ‘dummy’ wallet - previously renamed to “hidden wallet” - and it shows only ‘dust’ in the various crypto. “See?” I proclaim, “I sold it all from the hidden wallet”. But here the transaction list shows only small transfers in of crypto, with nothing transferring out - malefactor calls my bluff, and insists I must have a ‘genuine’ hidden wallet. I take a beating with the five dollar wrench, and the malefactor is many dollars richer.
Which brings us to the second/consequent scenario: Most of the previous stipulated, but instead of transferring all my crypto to the ‘genuine’ hidden wallet directly, I transfer it first to the ‘dummy’ hidden wallet, then over time transfer it to the ‘genuine’ hidden wallet. That makes the dummy wallet look less like one, as the transactions show all the crypto coming in, then gradually the crypto all ‘sold’ elsewhere - to the ‘genuine’ hidden wallet. But if the malefactor is savvy enough to know about hidden wallets in the first place, he’ll again call my bluff as above, I’ll take an even more severe beating, and he’ll become many dollar richer.
The overriding problem here is the transaction history. Unless I engage in a long, drawn out process (weeks? months?) of “selling” my crypto out of the dummy wallet to the ‘genuine’ hidden wallet, it will be very hard to explain under duress.
As above, I’m aware this is serious paranoia. But the first step to real security is paranoia, and plausible deniability follows right behind.
The fact that the Trezor suite always shows the “+ Passphrase Wallet” in the opening dropdown essentially gives away the very idea that there may be other wallets, right from the start. A feature to ‘hide’ that from the interface would be great, but I doubt it would happen. Plus - savvy Mr. malefactor knows his way around a Trezor, so he knows it’s been manually hidden via the settings!
Having written all this out, the very last path described above - move it all to ‘dummy’ wallet, then trickle it out to the ‘genuine’ wallet, seems the way to go. It’s not perfect, but it feigns a believable story of being extra careful with the crypto, then “selling it” all. But I’d be interested in other perspectives of this, or, even better, superior ideas to this.